Infer CIA ratings of tech assets

[aceg1k]

Hi,

just another pull request from my side.

Rationale

Confidentiality, Integrity and Availability (CIA) of a tech asset may be inferred from the data that tech asset processes.

Proposal

Infer CIA based on the data assets processed. If CIA can not be inferred, i.e. if no data asset is processed (probably this rarely happens in practice), fall back to the lowest possible level. If a value for CIA is set, it takes precedence.